Firefox Vulnerability – known about for 17 years — Psinergy LLC
X
Menu

Firefox Vulnerability – known about for 17 years

While many consider ditching Google, including its web browser Chrome, due to privacy concerns and in response to recent actions, Firefox has been one of the primary alternate options. A recent Firefox exploit demonstration that uses a combination of a malicious HTML file, ClickJacking, iframe and SSH bugs may change that. (Proof of Concept video)

While news of another broad base vulnerability is not surprising, the fact that it’s been known about for 17 years is startling! Put simply, it’s now known that this weakness allows a hacker to access all files in the same folder and its subfolders that contain the malicious HTML file you unwittingly downloaded and didn’t realize you clicked on. Previously this was not seen as an issue and was used in SOP (Same-Origin Policy, which is a considered a critical security mechanism) that allows scripts to access files in the same local location, speeding things up for your browsing pleasure. This is now a major issue after a researcher, Barak Tawily, found a way to remotely gain access to, and subsequently, steal these files and transfer them to a remote server. While Barak is the first to publicly disclose the information of this vulnerability, who’s to say that others haven’t used it in the past. In 2015 a similar vulnerability within SOP was found being used in the wild.

The response from Mozilla seemed to downplay the risk and leads one to believe there are no plans to fix the issue. So, what can you do? At this point, it’s best to just not use Firefox until they find a way to fix this. Why? Just going to a website that contains the malicious HTML file can easily fool a person to click on things, like something that looks like, but are not actually, those “Do you want to allow this site to give notifications?”, “Allow/Deny” (kind of like the one you likely clicked when you accessed this article – and no, we didn’t code ours to be malicious…) and just clicking that can give the hacker access, and you’re none the wiser.

For more in-depth information: https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html

You Might Also Liked

1903 is here, what have we seen? VLC Media Player Security Flaw! Barred from Google Ads – and why that’s bad for consumers… Change your Facebook password now! Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software — The Hacker News Windows 7 and Planning for the Future Caribou Coffee Stores Hacked for months… but what about your business? Microsoft Issues Emergency Patch for Windows 7 – 10, including Server OS

Upcoming Events

Jul
28
Sun
all-day Delta Aquarids Meteor Shower
Delta Aquarids Meteor Shower
Jul 28 all-day
The Delta Aquarids is an average shower that can produce up to 20 meteors per hour at its peak. It is produced by debris left behind by comets Marsden and Kracht. The shower runs annually from July 12 to August 23. It peaks this year on the night of July[...]
Jul
31
Wed
all-day Mercury Retrograde Ends
Mercury Retrograde Ends
Jul 31 all-day
see http://cantonbecker.com/retrograde for details…Click to print (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Twitter (Opens in new window)MoreClick to share on Reddit (Opens in new window)Click to share on Pocket (Opens in new window)Click[...]
Aug
10
Sat
10:00 am Intro to Esogetics Crystal Thera... @ Psinergy Natural Health & Holistic Wellness
Intro to Esogetics Crystal Thera... @ Psinergy Natural Health & Holistic Wellness
Aug 10 @ 10:00 am – 6:00 pm
Intro to Esogetics Crystal Therapies @ Psinergy Natural Health & Holistic Wellness
An Apothecary of Light class These simple treatments from Esogetics Crystal Therapies are designed for health maintenance and self-help with common complaints from a natural health viewpoint. The therapies learned in this module are for everybody, be it at home or on the road. We are offering this workshop for health-conscious[...]
Aug
12
Mon
all-day Perseids Meteor Shower
Perseids Meteor Shower
Aug 12 all-day
The Perseids is one of the best meteor showers to observe, producing up to 60 meteors per hour at its peak. It is produced by comet Swift-Tuttle, which was discovered in 1862. The Perseids are famous for producing a large number of bright meteors. The shower runs annually from July[...]
Sep
5
Thu
6:00 pm Signals of the Body & Activating... @ Psinergy Natural Health & Holistic Wellness
Signals of the Body & Activating... @ Psinergy Natural Health & Holistic Wellness
Sep 5 @ 6:00 pm – 9:00 pm
Signals of the Body & Activating Dreams for Healing @ Psinergy Natural Health & Holistic Wellness
Learn 21+ Holistic self-care therapies that use a combination of touch and a special blend of essential oils and light to clear blockages and help promote health and wellbeing in this 1/2 day workshop. Therapies include body zones to promote dreaming, release emotional polarities and promoting emotional balance and areas to[...]
Sep
23
Mon
2:50 am Autumnal Equinox (Fall)
Autumnal Equinox (Fall)
Sep 23 @ 2:50 am – 3:50 am
The Sun will beam down directly on the equator giving us just about equal amounts of day and night in most parts of the world. If you live south of the equator, this is your Spring Equinox. Also, try balancing an egg on its end! Whether or not you succeed[...]
Oct
8
Tue
all-day Draconids Meteor Shower
Draconids Meteor Shower
Oct 8 all-day
The Draconids is a minor meteor shower producing only about 10 meteors per hour. It is produced by dust grains left behind by comet 21P Giacobini-Zinner, which was first discovered in 1900. The Draconids is an unusual shower in that the best viewing is in the early evening instead of[...]
Oct
12
Sat
10:00 am Colorpuncture for Me and My Family @ Psinergy Natural Health & Holistic Wellness
Colorpuncture for Me and My Family @ Psinergy Natural Health & Holistic Wellness
Oct 12 @ 10:00 am – 6:00 pm
Colorpuncture for Me and My Family @ Psinergy Natural Health & Holistic Wellness
An Apothecary of Light class These simple treatments from Esogetics Colorpuncture are designed for health maintenance and self-help with common complaints from a natural health viewpoint. The therapies learned in this module are for everybody, be it at home or on the road. We are offering this workshop for health-conscious[...]
Oct
21
Mon
all-day Orionids Meteor Shower
Orionids Meteor Shower
Oct 21 all-day
The Orionids is an average shower producing up to 20 meteors per hour at its peak. It is produced by dust grains left behind by comet Halley, which has been known and observed since ancient times. The shower runs annually from October 2 to November 7. It peaks this year[...]
Oct
31
Thu
all-day Mercury Retrograde Begins
Mercury Retrograde Begins
Oct 31 all-day
see http://cantonbecker.com/retrograde for details…Click to print (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Twitter (Opens in new window)MoreClick to share on Reddit (Opens in new window)Click to share on Pocket (Opens in new window)Click[...]